What to submit when asking for layer4 service.
This document will help with what to put in the request when asking for layer4 services.
Things to keep in mind
Currently only specific subnets can be load balanced with the layer4 switch. If your server is not on one of these subnets it will have to move to a load balanced subnet.Load balanced subnets as of 1/24/2017 are:
Virtual IPs (VIPs) that are behind the firewall (noted above in "red"), normally have a rule of "allow any" to them. Traffic destined to a VIP and configured UDP or TCP port on the load balancer will be load balanced, everything else will be dropped. OpEng will still need to know what the VIP is for new services to be sure the firewall will allow traffic to the new VIP.
Subnet SLB Health Check IP Load Balancer Description 144.92.197.128/25 144.92.197.131 Citrix/Netscaler Portal Production Public(Note: VIPs are also behind firewall) 144.92.8.0/24 144.92.8.6 Citrix/Netscaler Portal Production Private 144.92.170.0/25 144.92.170.2 Citrix/Netscaler (ITE) Test Public(Note: VIPs are also behind firewall) 144.92.7.0/24 144.92.7.5 Citrix/Netscaler (ITE) Test Private 128.104.1.128/25 128.104.1.194 Citrix/Netscaler General purpose server load balancing - Production network(Note: VIPs are also behind firewall) 128.104.236.0/23 128.104.236.4 Citrix/Netscaler Learn @ UW (Production) 144.92.127.0/25 144.92.127.4 Citrix/Netscaler Learn @ UW (Beta) 144.92.119.128/25 144.92.119.134 Citrix/Netscaler Learn @ UW (WebDAV Beta) 144.92.49.192/26 144.92.49.198 Citrix/Netscaler General purpose server load balancing - Test network (Note: VIPs are also behind firewall) 144.92.9.0/24 144.92.9.7 Citrix/Netscaler General purpose server load balancing - Production network (Note: VIPs are also behind firewall) 144.92.128.0/25 144.92.128.6 Citrix/Netscaler Restricted Data - Test Subnet (Note: VIPs are also behind firewall) 144.92.201.128/25 144.92.201.134 Citrix/Netscaler Restricted Data 2 - Production Subnet (Note: VIPs are also behind firewall) 128.104.155.0/24 128.104.155.6 Citrix/Netscaler AIMS VM network (Note: VIPs are also behind firewall) 128.104.46.0/24 128.104.46.6 Citrix/Netscaler LTG/LIRA - Production Subnet (Note: VIPs are also behind firewall) 128.104.31.64/26 128.104.31.70 Citrix/Netscaler Restricted Data 3 - Production Subnet (Note: VIPs are also behind firewall) 128.104.22.0/24 128.104.22.6 Citrix/Netscaler General purpose server load balancing - Production network (Note: VIPs are also behind firewall) 144.92.104.0/24144.92.104.6 Citrix/Netscaler General purpose server load balancing - Production network (Note: VIPs are also behind firewall) 144.92.26.96/27 144.92.26.105 Citrix/Netscaler General purpose server load balancing - Production network (Note: VIPs are also behind firewall) 128.104.54.0/24 128.104.54.6 Citrix/Netscaler DoIT Shared Web Hosting Network 3 (Note: VIPs are also behind firewall) 128.104.53.160/27 128.104.53.190 Citrix/Netscaler OCIS Logging (Note: VIPs are also behind firewall) 128.104.50.0/24
2607:f388:2:1::/64128.104.50.6
2607:f388:2:1::6Citrix/Netscaler CCI Shared L4 Services (Note: VIPs are also behind firewall) 128.104.221.0/25 128.104.221.6 Citrix/Netscaler CCI Shared Restricted Data L4 Services (Note: VIPs are also behind firewall) 128.104.82.0/25 128.104.82.6 Citrix/Netscaler DoIT Data Center Prod Restricted Data 3 (Note: VIPs are also behind firewall)
10.130.165.0/24 10.130.165.6 Citrix/Netscaler OCIS Logging (Note: VIPs are also behind firewall) 10.128.127.0/24 10.128.127.6 Citrix/Netscaler DoIT Shared Web Hosting RFC1918 Network 10.130.171.128/25 10.130.171.168 Citrix/Netscaler DoIT VOIP 144.92.5.128/25 144.92.5.134 Citrix/Netscaler AIMS VDI Access Points
Add/change/deletion examples
Example #1 Please forward this case to Network Services. I need the following L4 config created: VIP = 144.92.197.135 (my.wisc.edu) Server = 144.92.197.205 (unas.doit.wisc.edu) Server = 144.92.197.165 (djer.doit.wisc.edu) Server = 144.92.197.166 (sethos.doit.wisc.edu) TCP Port = 80, metric = hash TCP Port = 443, metric = hash TCP Port = 25, metric = roundrobin Date/Time when this can be done: anytime Thanks, sysadmin Chuck Example #2 Please forward this case to Network Services. I need the following server ADDED to an already existing VIP: VIP = 144.92.197.135 (my.wisc.edu) Server = 144.92.197.202 (den.doit.wisc.edu) TCP Port = 80 TCP Port = 443 Date/Time when this can be done: anytime Thanks, sysadmin Chuck Example #3 Please forward this case to Network Services. I need the following server REMOVED from the layer4 switch: Server = 144.92.197.164 (darius.doit.wisc.edu) Date/Time when this can be done: anytime Thanks, sysadmin Chuck Example #4 Please forward this case to Network Services. I need the following TCP port REMOVED from the followng VIP: VIP = 144.92.197.135 (my.wisc.edu) TCP Port = 25 Date/Time when this can be done: anytime Thanks, sysadmin Chuck
Citrix/Netscaler Metrics and Health Checking
Metrics for the Citrix Netscaler can be found here.Health checks for the Citrix Netscaler can be found here